Since launching our privacy policy generator for mobile apps, we’ve started publishing guides on how to submit your app to the app stores with a privacy policy. This is the guide for Windows Phone.

1) Do I have to include a privacy policy in my Windows Phone app?

Well, that depends on what the app is doing. But keep in mind that you can never go wrong by including a link to, or a full page view of, your privacy policy. It is, however, very likely that you are required by law to include a privacy policy in your Windows Phone app. Easy CHECK: Am I collecting/storing/sharing personal information like email, names or sensitive data like payment info or using a third party service that accesses my info?

You are likely using a third-party service in your app that requires you to add a privacy policy to your app. In addition to being a legal requirement, a privacy policy is often a prerequisite for using a specific service. Check your service provider’s terms. A very popular third-party service whose TOS requires you to post a privacy policy is Google Analytics (they also have a mobile solution).

2) Am I required by the Windows Phone Store to post a privacy policy?

The store still does not have a blanket requirement that every app must have a privacy policy. You can therefore post an app to the store that is non-compliant with privacy laws. But it’s actually very unlikely that you won’t be covered by one of the requirements below:

From the App certification requirements for the Windows Store: “If your app has the technical ability to transmit data, you must maintain a privacy policy. You must provide access to your privacy policy in the Description page of your app, as well as in the app’s settings as displayed in the Windows Settings charm”

From the App Developer Agreement: “If your app enables access to and the use of any Internet-based services, or otherwise collects or transmits any user’s personal information, you must maintain a privacy policy. You are responsible for informing customers of your privacy policy (including by submitting that policy to us for display to customers). Your privacy policy must (i) comply with applicable laws and regulations, (ii) inform users of the information collected by your app and how that information is used, stored, secured and disclosed, and (iii) describe the controls that users have over the use and sharing of their information, and how they may access their information. You must also provide access to your privacy policy in the app’s settings as displayed in the Windows settings charm”.

From same App Developer Agreement: The app and your marketing of the app must comply with the laws of each territory or country into which you request distribution of the app. This includes: (i) data protection, privacy and other laws and regulations relating to collection and use of user information by your app (ii) telecommunications laws and (iii) content ratings regulations. If you are required to make any disclosures to consumers prior to sale or download of the app, you must provide those in the app description field. Those may include your full contact information, notice that an app supports in-app purchases, or other disclosures. You must make such notices sufficiently prominent as is required by local law. Your app must not require further export, import or technology control licensing from any government. You must disclose to Microsoft any controlled technology employed, used or supported by your app. You may not use the Windows Store or any services or tools made available for the development of apps for any illegal activity.

From App policies for Windows Phone: The privacy policy of your app must inform users about how location data from the Location Service API is used and disclosed and the controls that users have over the use and sharing of location data. This can be hosted within or directly linked from the app. The privacy policy must be accessible from your app at any time – (2.7.2).

Same App policies I (2.7.4): If your app publishes or makes available location data obtained from the Location Service API to any other service or other person (including advertising networks), your app must implement a method to obtain opt-in consent. To “implement a method to obtain ‘opt-in’ consent,” the app must:

provide your privacy policy, which must be persistently accessible from within the app (and may also be made available in app details by populating the Privacy URL field in Dev Center) and must describe how the location information will be accessed, used or shared;

Same App policies II (2.8): If your app (a) accesses or uploads a user’s Contacts, Photos, Phone number, SMS history, Browsing history or any other data reasonably considered personal in nature, or if your app shares any of the foregoing information with third-party services or individuals, or (b) shares any unique device or user IDs, combined with user information, with third-party services or individuals, the app must implement a method to obtain the user’s “opt-in” consent. To “implement a method to obtain ‘opt-in’ consent,” the app must:

provide your privacy policy, which must be persistently accessible from within the app (and may also be made available in app details by populating the Privacy URL field in Dev Center) and must describe how the information will be accessed, used or shared;

The California Attorney General is working on making all apps compliant with privacy regulations, and is working on this with the big platform providers like Microsoft. This situation could therefore change down the road.

3) How do I add/edit my privacy policy on the Windows Phone store?

This section explains how you add your privacy policy to the actual app store page for users or customers to preview the data collection practices before downloading:

4) An example privacy policy for Windows Phone Apps?

A lot of people ask for sample privacy policies for apps. Let’s start with the legal minimum requirements. A good starting point is the California Online Privacy Protection Act (CalOPPA), and even better Europe’s minimum requirements, since they are more refined:

Our Approach of Generating a Windows Phone Privacy Policy

So here’s where iubenda’s privacy policy generator will come in very handy:

1) Define the services and categories of data collection your app is making use of.

2) Add the services (and categories of data collection like “access to address book”) you are using to your policy, and it will generate the full-text privacy policy in a condensed, easily scannable fashion as well as an entire document your users can read if they want.

3) You can either link to your policy or embed the text into your app.

The software, materials and assistance provided by iubenda have the only purpose of helping users with compliance regarding their legal requirements. In particular, the templates iubenda provides are generated automatically, yet every word of our template has been written and continuously revised by a skilled legal team. However, as can be easily understood, nothing can substitute a professional legal consultancy in the drafting of your privacy policy, cookie policy or of any other legal document or compliance procedure. Our service does its best to provide you with a starting point, like an extremely sophisticated templates book, but even if we strive to provide the best assistance possible, we cannot guarantee any conformity with the law, which only a lawyer can do. Nothing on this site, therefore, shall be considered legal advice and no attorney-client relationship is established. Please note that in some cases, depending on your legislation, further actions may be required to make your activity compliant with the law.